OsVault/npm/nw
npm3 critical

nw

57 known vulnerabilities · 3 critical · 4 high

CVE-2016-10588HIGH

Downloads Resources over HTTP in nw

Published Feb 18, 2019
CVE-2015-9235CRITICAL

Verification Bypass in jsonwebtoken

Published Oct 9, 2018
CVE-2024-39008CRITICAL

robinweser fast-loops vulnerable to prototype pollution

Published Jul 1, 2024
CVE-2016-10566HIGH

install-nw downloads Resources over HTTP

Published Feb 18, 2019
CVE-2017-16143HIGH

Directory Traversal in commentapp.stetsonwood

Published Jul 23, 2018
MAL-2022-2130

Malicious code in commonweb-config (npm)

Published Jun 20, 2022
MAL-2022-4214

Malicious code in komkgqhnwtauvfys (npm)

Published Jul 11, 2022
MAL-2022-3128

Malicious code in free-cashapp-money-hakc-akp-donwload-2022 (npm)

Published Jun 20, 2022
MAL-2022-3056

Malicious code in firstrunwizard (npm)

Published Jun 20, 2022
MAL-2022-2132

Malicious code in commonweb-utils (npm)

Published Jun 20, 2022
MAL-2023-266

Malicious code in do_not_install_this_is_a_test_package_norwegianwood (npm)

Published Jul 26, 2023
CVE-2025-27098

Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler

Published Feb 16, 2023
MAL-2024-8790

Malicious code in nwoeuot (npm)

Published Sep 4, 2024
CVE-2024-55500

Avenwu Whistle Cross-Site Request Forgery (CSRF)

Published Dec 10, 2024
MAL-2026-333

Malicious code in tronweb-tool (npm)

Published Jan 19, 2026
MAL-2025-47319

Malicious code in jsonwebjstoken (npm)

Published Sep 16, 2025
MAL-2026-392

Malicious code in jsonwebauth (npm)

Published Jan 21, 2026
MAL-2025-48046

Malicious code in redirect-4nwrkg (npm)

Published Oct 8, 2025
MAL-2024-11133

Malicious code in crypto-jsonwebtoken (npm)

Published Nov 29, 2024
GHSA-3846-mfvc-xwpf

Duplicate Advisory: Exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

Published Mar 19, 2026
CVE-2021-23397MEDIUM

@ianwalter/merge Prototype Pollution via `merge` function

Published Jul 26, 2022
MAL-2026-2993

Malicious code in @openwebconcept/design-tokens (npm)

Published Apr 22, 2026
MAL-2026-2994

Malicious code in @openwebconcept/theme-owc (npm)

Published Apr 22, 2026
CVE-2016-10629HIGH

nw-with-arm downloads Resources over HTTP

Published Feb 18, 2019
CVE-2026-27566

OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains

Published Mar 3, 2026
MAL-2022-6848

Malicious code in usaa-nw-build-tools (npm)

Published Jun 20, 2022
MAL-2026-1109

Malicious code in jsnwebapptoken (npm)

Published Mar 2, 2026
MAL-2025-3172

Malicious code in eslint-config-mytonwallet (npm)

Published Apr 8, 2025
MAL-2022-4981

Malicious code in nw-api-sdk (npm)

Published Jun 20, 2022
MAL-2022-4982

Malicious code in nwpfgeaquxjlzrib (npm)

Published Jul 11, 2022
CVE-2022-35924CRITICAL

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Published Aug 2, 2022
MAL-2025-1404

Malicious code in coinw (npm)

Published Feb 17, 2025
CVE-2026-34775MEDIUM
Risk: 34.01/100

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Published Apr 3, 2026
MAL-2022-1840

Malicious code in cashapp-hakc-apk-app-donwload-2022 (npm)

Published Jun 20, 2022
MAL-2022-5828

Malicious code in rnwasmtest (npm)

Published Jun 20, 2022
MAL-2022-3129

Malicious code in free-cashapp-money-hakc-apk-donwload-2022 (npm)

Published Jun 20, 2022
MAL-2022-3135

Malicious code in free-fire-hac-k-app-donwload-2022 (npm)

Published Jun 20, 2022
MAL-2022-3136

Malicious code in free-fire-hakc-donwload-tool-2022 (npm)

Published Jun 20, 2022
MAL-2022-3138

Malicious code in free-fire-skins-app-donwload-2022 (npm)

Published Jun 20, 2022
MAL-2022-3174

Malicious code in free-gta5-money-app-donwload-2022 (npm)

Published Jun 20, 2022
MAL-2022-2131

Malicious code in commonweb-dynamic-routing (npm)

Published Jun 20, 2022
MAL-2025-5195

Malicious code in jsonwepjoken (npm)

Published Jun 20, 2025
MAL-2022-4070

Malicious code in jsnwebtokn (npm)

Published Aug 19, 2022
MAL-2025-1405

Malicious code in coinw-dev (npm)

Published Feb 17, 2025
MAL-2022-410

Malicious code in @mainwp/fetlife-assets (npm)

Published Jun 20, 2022
MAL-2025-190765

Malicious code in capacitor-plugin-scgssigninwithgoogle (npm)

Published Nov 24, 2025
MAL-2024-11817

Malicious code in planweb-core-ui (npm)

Published Dec 12, 2024
MAL-2025-2695

Malicious code in nw.gui (npm)

Published Mar 25, 2025
MAL-2024-1560

Malicious code in pwnkunwar (npm)

Published Jun 9, 2024
CVE-2020-26306

Knwl.js Regular Expression Denial of Service vulnerability

Published Oct 26, 2024
MAL-2025-1406

Malicious code in coinw-main (npm)

Published Feb 17, 2025
MAL-2025-1407

Malicious code in coinw-test (npm)

Published Feb 17, 2025
MAL-2022-1916

Malicious code in cleanwebpackmplugin (npm)

Published Aug 19, 2022
MAL-2024-74

Malicious code in keptnwebservice (npm)

Published Jan 11, 2024
MAL-2025-48107

Malicious code in redirect-0vaxnw (npm)

Published Oct 9, 2025
MAL-2024-9372

Malicious code in gwqhnw (npm)

Published Oct 16, 2024
MAL-2025-47855

Malicious code in openwhisk-probot-builder (npm)

Published Sep 26, 2025
Check your entire dependency tree at onceRun dependency scan →